A query string authentication provider is a non-SAML service that allows users to log in to a web portal, select a web service or application, and automatically be authenticated and signed in without having to re-enter credentials.

  • Current Setting – Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.
Setting Description
Enable Query String Authentication Select to enable the feature.
Parameter Name

Enter the query string parameter name in the Parameter Name field. This must be a single value – multiple parameter names are not supported. This is the value that Workspace ONE UEM uses to recognize the login request.

This parameter name comes from your query string authentication provider. Consult your authentication provider for instructions on retrieving this information.

Session Validation URL Enter the URL of the query string authentication provider instance. It is used for session validation and administrator account details retrieval. If needed, you can include a port number for network traffic as part of the URL.

An example of the login request to the Workspace ONE UEM console would be: https://acme.mdm.com/login?<Parameter>=<session_ID>, where acme.mdm.com is the URL of your UEM console, <Parameter> is the parameter name, and <session_ID> is the session ID passed from the query string authentication provider to Workspace ONE UEM for authentication.

  • Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.